A cloud computing architecture relies on a dematerialization based on a virtualization of physical resources. Virtualization involves making several operating systems run on a single computer, or host server, as if they were running on different servers. Virtual environments called virtual machines are thus offered to the users.
Cloud computing architectures are offered to clients with guarantees of service and of availability negotiated by agreement and through pricing matched to the resources which are allocated. In order to maximize the use of the capacities in terms of resources and thereby maximize the economic performance of the cloud computing offers, the resources are generally oversubscribed. Thus, the total quantity of resources configured for the set of virtual machines present on a host server is greater than that actually available on this host. In effect, it is estimated that, most of the time, each of the virtual machines does not seek to consume all the resources configured, or in any case, not at the same time as the other virtual machines co-located on the same host server.
In order to offer clients access at all times to resources in accordance with the terms of the agreement that they have negotiated, resource contention management mechanisms are put in place. They make it possible to balance the use of the resources in real time on a host server, even on a set of host servers.
For example, when there is a rise in the load of a virtual machine hosted by a host server which, upon this rise in load reaches its capacity limit, the resource need of this virtual machine is assessed against other virtual machines co-located on the same host server in order to allocate additional resources to it. An allocation of additional resources can then consist in moving the virtual machine concerned to another host server which has sufficient resources, or in moving machines located on the same host server as this virtual machine to another host server in order for it to have more resources, or even in duplicating the virtual machine on several host servers so as to meet the increased resource needs.
However, such a resource contention management mechanism, implemented to cope with a demand for additional resources originating from a virtual machine, can affect one or more other virtual machines. Thus, when a virtual machine is migrated from a source host server to a destination host server, the migrated machine can suffer from a degradation of performance levels that can vary according to the load of the source host server and/or of the destination host server, according to the load of the virtual machine and the nature of the applications that it runs. Upon the migration, the virtual machine may, in the worst case, suffer an unacceptable occasional loss of connectivity (the term normally used to describe this loss of connectivity is “down time”).
The implementation of a contention management mechanism in a virtual machine to satisfy the increased resource needs of another virtual machine can therefore have a considerable impact on the virtual machine. This fault of isolation of a virtual machine with respect to events occurring in another virtual machine constitutes a new type of security vulnerability. Malicious people can thus exploit this fault by deliberately provoking variations in the quantity of resources consumed in first virtual machines, in order to trigger resource contention management mechanisms producing their effects in other virtual machines. This constitutes a new form of attack which is as yet not dealt with as such. In effect, the detection of attacks is generally focused on a resource space manipulated directly by an attacker: the attacker manipulates and attacks the resources of this space and the known attack detection methods are focused only on this resource space. Thus, no attack is detected on machines which do not form part of this space. With this new type of attack, the harmful effect is obtained as it were by edge effect. The current attack detection mechanisms are unsuited to detecting and analyzing this new type of attack.